Enforcing IRM Security Policies: Two Case Studies

Executive Summary

SPoX (Security Policy XML) is a declarative language for specifying application security policies for enforcement by In-lined Reference Monitors. Two case studies are presented that demonstrate how this language can be used to effectively enforce application-specific security policies for untrusted Java applications in the absence of source code. In-lined Reference Monitors (IRM's) are an emerging paradigm for enforcing a powerful and versatile class of software security policies in the absence of source code. In an IRM framework, a re-writer automatically transforms untrusted applications (e.g., Java bytecode binaries) in accordance with a client-specified security policy.